[Bug 931342] Re: XSLTProcessor::transformToXml(): runtime error
Ondřej Surý
ondrej at sury.org
Mon Feb 13 11:06:04 UTC 2012
http://www.ubuntu.com/usn/usn-1358-1/
It was discovered that PHP did not properly enforce libxslt security
settings. This could allow a remote attacker to create arbitrary
files via a crafted XSLT stylesheet that uses the libxslt output
extension. (CVE-2012-0057)
I think Steve missed adding a few notes to debian/NEWS (from the Debian
security update):
* The following new directives were added as part of security fixes:
- max_input_vars - specifies how many GET/POST/COOKIE input variables
may be accepted. Default value is set to 1000.
- xsl.security_prefs - define forbidden operations within XSLT
stylesheets. Write operations are now disabled by default.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0057
** Summary changed:
- XSLTProcessor::transformToXml(): runtime error
+ USN-1358-1 missing NEWS entry about XSLT write operations disabled by default
** Changed in: php5 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/931342
Title:
USN-1358-1 missing NEWS entry about XSLT write operations disabled by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/931342/+subscriptions
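A regression check for the hardened default described in the NEWS entry above, written here as an added example (it is not code from this bug report, Debian, Ubuntu or the PHP project). It assumes PHP 5.4 or later with ext/xsl, where XSLTProcessor::getSecurityPrefs() exposes the same setting the xsl.security_prefs directive controls, and it uses a constructed temporary file path that must not exist after the transform.

```php
<?php
// Added example: confirm that the libxslt write restrictions are in effect,
// i.e. a stylesheet using the EXSLT document() output extension can no longer
// create files. Assumes PHP >= 5.4 with ext/xsl (getSecurityPrefs is 5.4+);
// on 5.3.x the equivalent knob is the xsl.security_prefs ini directive.

// Constructed target path: this file must NOT appear after the transform.
$target = sys_get_temp_dir() . '/xsl-secpref-check-' . getmypid() . '.txt';
@unlink($target);

// Minimal stylesheet that tries to use the output extension (interpolates $target).
$xsl = <<<XSL
<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:exsl="http://exslt.org/common"
    extension-element-prefixes="exsl">
  <xsl:template match="/">
    <exsl:document href="$target" method="text">probe</exsl:document>
    <ok/>
  </xsl:template>
</xsl:stylesheet>
XSL;

$doc = new DOMDocument();
$doc->loadXML('<root/>');
$style = new DOMDocument();
$style->loadXML($xsl);

$proc = new XSLTProcessor();
$proc->importStylesheet($style);

// XSL_SECPREF_DEFAULT forbids write-file, create-directory and write-network.
// When the write is refused libxslt reports a "runtime error" (the symptom in
// this bug's original title); we suppress it and check the filesystem instead
// of trusting the message.
$prefs        = $proc->getSecurityPrefs();
$writeBlocked = ($prefs & XSL_SECPREF_WRITE_FILE) !== 0;
$result       = @$proc->transformToXml($doc);
$fileCreated  = file_exists($target);
@unlink($target);

printf("security prefs: %d (write-to-file blocked: %s)\n", $prefs, $writeBlocked ? 'yes' : 'no');
printf("transform output: %s\n", $result === false ? '(failed)' : trim($result));
printf("stylesheet could create a file: %s\n", $fileCreated ? 'YES - configuration is unsafe' : 'no');
exit($fileCreated ? 1 : 0);
```

A non-zero exit status means the write restriction is not being enforced on that PHP build, which is exactly the behaviour USN-1358-1 was meant to remove.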